Pro tip for hackers: Don’t threaten people whose specialty is uncovering the identity of cybercriminals.
That mistake apparently led to the October arrest of Alexander “Connor” Moucka, 25, the alleged mastermind behind the massive Snowflake data breach earlier this year. The Kitchener, Ontario resident is currently in Maplehurst Correctional Complex awaiting extradition proceedings that will determine whether he stands trial in the U.S.
Here’s the story behind Moucka’s arrest, or as much of it as investigators are willing to reveal.
Hacker Threats ‘The Stupidest Thing Ever’
Moucka had allegedly been boasting about his exploits on Telegram under the alias ‘Waifu” when he threatened Unit221B Chief Research Officer Allison Nixon – who then assigned one of her researchers to find out his real identity, according to the Waterloo Region Record.
“Why would he target a company that is not working on his case and specializes in identifying cybercriminals?” Nixon told the Toronto-based paper. “It is just the stupidest thing ever.”
It took several months – and one critical operational mistake by Waifu – before Moucka’s name was handed over to law enforcement.
Nixon isn’t saying much about Waifu’s mistakes in order to keep cybercriminals from learning from them. Nor is she saying much about the threats he made, telling The Cyber Express that they included “every kind of bad language that kids on the internet say basically.”
A threat actor who goes by the alias “kiberphant0m” has taken up Moucka’s cause since the arrest, in addition to selling data from Snowflake and other breaches – including what may be older call logs from President-elect Donald Trump and Vice President Kamala Harris.
Asked if she had any idea who kiberphant0m is, Nixon replied, “no comment.”
Waifu’s History Allegedly Includes ‘The Com’
Nixon first crossed paths with “Waifu” in 2019 when the New York Police Department was seeking information about the hacker, who identified as a member of “The Com,” a loose cybercrime collective she had been tracking that also includes the group known as “Scattered Spider.”
The Com has also been linked to extortion, violence, swatting and other disturbing acts, so a threat from a member wasn’t something to be taken lightly.
Nixon reveals something of her own exploits on her X feed, and some of her posts have a bit of a taunting tone, such as saying “this guy spent too much time posting and not enough getting a lawyer” while linking to an article on an arrest.
And while she doesn’t directly say which cases she was involved in, there are hints, such as posting “Who wants to be next?” when linking to an arrest. She did that with news of Moucka’s arrest, and again recently when linking to the case of Remington Ogletree, a 19-year-old alleged Scattered Spider member charged with telecom and financial breaches.
This is probably wasted advice given the culture of some threat groups, but be careful who you pick fights with online. You might be dealing with a formidable opponent like Nixon.
